Fraud & Internal Control
Frank M. Klaus, CPA

Fraud Definition
  • Fraud is the misappropriation of assets for the benefit of an individual.
  • “Willful misrepresentation by one person of a fact inflicting damage on another person.”
  • “Any act involving the use of deception to obtain an illegal advantage.” ISACA

Fraud in operations.
  • Association of Certified Fraud Examiners
  • 2006 Report to the Nation on Occupational Fraud and Abuse
  • The median government and not-for-profit frauds were around $100,000.

SAS No. 55
  • “Fraud is an intentional act that results in a material misstatement in financial statements that are the subject of an audit.”

SAS No. 82
  • “Consideration of Fraud in a Financial Statement Audit”
  • Adopted in 1997
  • Purpose: To clarify the auditor’s responsibility to detect fraud.
  • Revised as SAS No. 99

SAS No. 99
  • Effective December 2002
  • Same title as SAS No. 82
  • Time period of:
    • Post Enron
    • SOX 2002

SAS No. 99 (Continued)
  • Issued in response to the past ineffectiveness of risk assessment process during audit.
  • Requires auditor to gauge the exposure of the entity to the risk of fraud.
  • “Brainstorming” requirement.

What does fraud include?
  • Fraud includes:
    • Balance Sheet Misstatement
    • Theft of Assets

The Fraud Triangle
  • The three elements required for FRAUD:

The three sides of the FRAUD triangle.
  • 1. Opportunity
  • 2. Rationalization
  • 3. Pressure

Internal Control Issues
  • The importance of good policies and procedures.
    • Communicate
    • Publish
    • Update

Segregation of Duties
  • The importance of “segregation of duties” to the internal control process.

Yellow Book
  • The role of the “Yellow Book” in the internal control process.
  • The role of the government auditor.
  • Importance of review and approval by supervisors.

Yellow Book Update
  • Government Auditing Standards
  • GAGAS: Generally Accepted Government Auditing Standards
  • Provides a framework for conducting high quality audits with competence, integrity, objectivity, and independence.

2007 Yellow Book
  • Current Edition
  • Superseded by the 2011 Yellow Book

2011 Yellow Book
  • Effective for financial audits and attestation engagements for periods ending on or after December 15, 2012,
  • And for performance audits beginning on or after December 15, 2011.
  • Early implementation is not permitted.

Resources
  • Electronic version of document available.
  • GAO’s Yellow Book Web Page
    • http://www.gao.gov/yellowbook
  • Not subject to copyright protection.

The Role of the Client.
  • The client has a responsibility to:
    • Cooperate with the auditor
    • Keep the auditor informed of status updates.
    • Participate in activities such as
      • Flowcharting
      • Narratives

The Client Conference
  • The final conference is in addition to communication during the audit process.
  • Client sign-off at the conclusion of the audit.
  • Who should attend the final conference?
  • Timing
  • Follow-up, if required.

Management’s Responsibility
  • Set the Proper Tone at the Top of the Organization.
  • Develop and implement policies and procedures.
  • Communicate importance and seriousness of issue.

Management’s Responsibility (Cont’d)
  • Demonstrate by actions
  • Not just lip service
  • Importance of ATTITUDE.

COSO Framework
  • Committee of Sponsoring Organizations
    • AAA
    • AICPA
    • IIA
    • IMA
    • FEI

COSO
  • Formed by Treadway Commission to develop a framework in which organizations could understand and improve their internal controls.
  • In 1992 issued Internal Control—Integrated Framework
  • Congress mandated controls reporting for public companies in 1992.

COSO Update
  • 2006: Internal Controls over Financial Reporting—Guidance for Smaller Public Companies
  • 2007: New auditing standards provide further support for the COSO Standards.

Five Components of COSO
  • 1. Control environment
    • Sets the overall controls tone of an organization.
    • Foundation for all other components of internal control.

Five Components of COSO
  • 2. Risk Assessment
    • Entity’s identification and analysis of risks in the achievement of its objectives.
    • Risks should be identified and managed.

Five Components of COSO
  • 3. Information and Communication
    • Relates to the systems and reports that enable management and employees to carry out their objectives.

Five Components of COSO
  • 4. Control Activities
    • Processes, Policies, and Procedures
    • Help ensure that management directives are carried out.
    • Consist of controls over the process.

Five Components of COSO
  • 5. Monitoring
    • Process that oversees internal control performance.

COBIT
  • Published by the IT Governance Institute.
  • COBIT: Control Objectives for Information and related Technologies
  • Provides good practices across a domain and process framework and presents activities in a manageable and logical structure.

Business Orientation of COBIT
  • The business orientation of COBIT consists of linking business goals to IT goals.
  • Management Information
  • Dashboard
  • Scorecard
  • Benchmarking

Common Fraud Risk Areas
  • Sales and Cash Receipts
  • Purchasing and Cash Disbursements
  • Payroll
  • Equipment, Inventory and Anything Not Bolted Down

Antifraud Controls & Programs
  • 1. Culture
    • Tone at the Top
    • Workplace Environment
    • Hiring & Promotion
    • Training
    • Disciplinary Action

Antifraud Controls & Programs
  • 2. Evaluating Antifraud Processes and Controls
    • ID Risk
    • Mitigate Risks
    • Implement Controls
    • Monitor Controls

Antifraud Controls & Programs
  • 3. Oversight
    • Audit Committee
    • Inspector General
    • Internal Auditor
    • Independent External Auditor
    • Certified Fraud Examiner

Antifraud Controls & Programs
  • 4. Miscellaneous
    • AICPA
    • ISACA
    • ACFE
    • International Standards of Auditing

Conclusion
  • 1. Fraud can occur in any organization.
  • 2. Management must set the tone at the top.
  • 3. Everyone should be cognizant of the organization’s internal control policies and procedures.
  • 4. Policies and procedures must be monitored and enforced.

Final Thought
  • “The best fraud is no fraud.”

Contact Information
  • Frank M. Klaus, CPA
  • Cleveland State University
  • Department of Accounting
  • 2121 Euclid Avenue
  • Cleveland, OH 44115
  • F.Klaus@csuohio.edu